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Abstract 



We construct an explicit minimal strong Grobner basis of the ideal of 
. vanishing polynomials in the polynomial ring over Z/m for m > 2. The 

proof is done in a purely combinatorial way. It is a remarkable fact that 
the constructed Grobner basis is independent of the monomial order and 
■ that the set of leading terms of the constructed Grobner basis is unique, 

up to multiplication by units. We also present a fast algorithm to compute 
reduced normal forms, and furthermore, we give a recursive algorithm for 
building a Grobner basis in Z/m[xi, X2, ■ ■ ■ ,Xn] along the prime factor- 
\l ' ization of m. The obtained results are not only of mathematical interest 

but have immediate applications in formal verification of data paths for 
microelectronic systems-on-chip. 
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■ Although the basic properties of Grobner bases in polynomial rings over a ring C 

I are well-known (see [1]), they have not been studied very much, mainly because 

they were considered as academic, in contrast to the case where the ground ring 
. ^ ^ C is a field. Recently however, Grobner basis techniques in polynomial rings 

i over C = Z/m (in particular Z/2'^) have attracted some attention due to their 

H ' potential applications to proving correctness of data paths in system-on-chip 

. P. ; design (cf. e.g. ^M, M)- 

When the underlying ring C has only finitely many elements, then there exist 
polynomials in C[xi,X2, ■ ■ ■ , Xn] which evaluate to zero for all (oi, 02, . . . , a„) CE 
C", called vanishing polynomials. Thus, any polynomial function / : C" C 
given by an arbitrary element / € C[xi, 2:2, ... , will have many alternative 
representations in C[xi,X2, ■ ■ ■ , Xn], f ~ f + g, for all g that constantly van- 
ish on C". All vanishing polynomials constitute an ideal /o. 
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In the applications mentioned above, not the polynomials but only the polyno- 
mial functions are of interest. Thus, if we want to apply algebraic methods we 
need to be able to efficiently compute normal forms of polynomials with respect 
to a Grobner basis of /q. In the presented paper, we set the theoretical ground 
and provide fast algorithms for doing these computations. 

From a mathematical point of view, Iq C Z/m[a;i, 2:2, ... , x„] has some interest- 
ing properties. In this paper, we will give an explicit minimal strong Grobner 
basis Gm for /q. As will turn out, Gm is a Grobner basis with respect to every 
global monomial order. Moreover, we will show for any alternative minimal 
strong Grobner basis G of /g C 'Z/m[xi,X2, ■ ■ ■ ,Xn] that the sets of leading 
terms of G„i and G are the same up to multiplication by units. This is re- 
markable, since the ring Z/to has zero divisors. In general, the leading terms of 
two minimal strong Grobner bases of an ideal / C C[xi, X2, ■ ■ ■ , Xn] need not be 
related by a unit but only by some element of C. We will prove both properties 
and show also that in general all minimal strong Grobner bases of an arbitrary 
ideal / C C[xi, X2, ■ ■ ■ , Xn] have the same number of elements. 

From a practical point of view, as mentioned above, engineering tasks involving 
the computation of Grobner bases over finite rings will often need to deal with 
vanishing polynomials. This is due to the fact that normally the elements of a 
Grobner basis G will be used to decide the consistency of a mathematical model. 
And typically, such a check involves the question whether the set of zeros of all 
polynomials / S G coincides with the set of all feasible input-output vectors 
of the modelled artifact; see also [7]. Our interest was specifically spurred by 
a cooperation with the local Electronic Design Automation Group in which we 
use Grobner bases to formally verify chip designs. More precisely, a given verifi- 
cation task is translated into a polynomial ideal in where typically fc = 32 
or fc = 64; cf. [11]. For the special case of polynomial datapath verification 
we also refer to [l^ in which it was shown that the Grobner basis approach 
proves tractable for industrial applications where standard property checking 
techniques failed. 

This paper is organized as follows. Section 2 briefly recalls the basic concepts 
from the theory of polynomial rings and Grobner bases needed later. Section 
3 starts by presenting canonical members of the ideal of vanishing polynomials 
Iq C Z/m[xi, X2, . . ■ , Xn]. Next we show that the leading term of any given van- 
ishing polynomial is divisible by the leading term of an appropriate canonical 
member. This relation enables us to finally construct an explicit minimal strong 
Grobner basis Gm of Jq C Z/m[xi,X2, ■ ■ ■ ,Xn]. We also show that the size of 
Gm is of polynomial order of degree k in the number of variables n, when we 
are in the practically relevant case m = 2^ . 

The theoretical results are followed by algorithms for computing reduced nor- 
mal forms with respect to the constructed basis, and for recursively computing 
a Grobner basis of /q C 'Zi/m[xi^X2, ■ ■ ■ ,Xn] along the prime factorization of 
m. The normal form algorithm has been implemented in the computer algebra 
system SINGULAR [3] and successfully applied, [12] . 
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2 Preliminaries 



Let C be a commutative, noetherian ring with 1, and C[x] := C[xi,X2, ■ • • ,Xn] 
a multivariate polynomial ring over C, where n > 1. For any multi-index 
a = (ai, . . . , a„) £ {0, 1,2,.. .}"■, a product of variables x" := x"^ ■ ■ ■ x"" is 
called a monomial, and a product a ■ x" with a G C is called a term. 
Given two multi-indices a = (ai, . . . , an), P = . . . , /?„), we define a ± /3 := 
(ai ± . . . , q;„ ± /3„). We may compare a and /? according to the predicate 
a r< /3 Vi G {1, . . . , n} : ai < Pi, and similarly Q;^/3:<^Q;r^/?AQ;^/?. 
For a = (ai, . . . , a„) G {0, 1,2,.. .}", we write a! := ai! • • ■ «„!, and \a\ := 
ai + . . . + an- 

Moreover, we require the polynomial ring C[x] to be equipped with a global 
monomial order <, i. e., < is a well-order on the set of monomials and satisfies 
x" > x^ x"+T > x'^+T for all a,/3,7 G {0,1,2,...}". Then < refines the 
partial order ^. 

Since we are going to work with divisibility in 'Z/m[xi, X2, ■ ■ ■ , Xn], we need to 
distinguish between divisibility in Z/m and in Z. We set a|,, 6 3 k € Z : 
b — a ■ k and a\ b :<^ 3 k E Z : to|., (6 — a • fc), that is, b and a ■ k represent 
the same residue class in Ij/m. For two monomials ax",5x'', we say that ax" 
divides bx^ , if a| bAa ^ f3. We then write ax"|6x'', using the ordinary symbol. 

Let / = ao -x"*"' + ■ ■ ■ + ak -x"* ' be a polynomial in C[xi, X2, ■ ■ ■ , Xn] with ai ^ 
for < i < fc, and > > ■ • • > a;" . We use the following notation: 

deg (/) ~ max{ a^*^ \ < i < k} total degree of /, 

LT (/) = ao • x"*"' leading term of /, 

LM (/) = x"' ' leading monomial of /, 

LC (/) = ao leading coefficient of /, 

L (A) - (LT (/) I / G leading ideal of A, 

for A C C[xi,X2, . . ■,Xn], A^%. 

For an ideal / C C\x\,X2, ■ ■ ■ , Xn\ a finite set G C C\x\,X2, ■ ■ ■ , Xn\ is called a 
Grobner basis of / if 

G C /, and L (/) L (G) . 

That is, G is a Grobner basis, if the leading terms of G generate the leading ideal 
of /. Note that in general, all defined objects depend on the chosen monomial 
order. Especially, a set G may be a Grobner basis only with respect to a certain 
monomial order. We also remind the reader that with the given definition, G 
already generates /, cf. p^J. 

G is furthermore called a strong Grobner basis if for any / G /\{0} there 
exists a polynomial .g G G satisfying LT (g) | LT (/). A strong Grobner basis G 
is called minimal strong if LT (gi) \ LT (52) for all distinct 51, 52 G G. It is a 
well-known fact that a strong Grobner basis can always be constructed from a 
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given Grobner basis when C is a principal ideal domain, see e.g. [T]. 
Note that if C is a field, any non-zero coefficient of a term is invertible in C, 
and thus L (A) — (LM (/) \ f ^ A). It is easy to verify that in this case every 
Grobner basis is a strong Grobner basis. As the following example shows, this 
does in general not hold when C is a ring: 

Example 2.1. Consider C :— Z/6, and the polynomial ring C[x] with one 
variable. Then G := {2a:, 3a;} is a Grobner basis of the ideal I :— (x). But since 
neither 2x nor 3a; divide x, G is not a strong Grobner basis. 

We shall now capture the central notions of this paper. 

Definition 2.2. To any polynomial f e G[xi, X2, ■ . ■ , a;„] we associate the poly- 
nomial function f : C" — > G, (ci, C2, . . . , c„) /(ci, C2, . . . , c„). We call f a 
vanishing polynomial if the function f is identically zero. 
The set Io = {f e G[ ] \ f is a vanishing polynomial} is obviously 

an ideal in G[xi, X2, ■ . . , Xn], called the ideal of vanishing polynomials. 

3 A Minimal Strong Grobner Basis of the 
Ideal of Vanishing Polynomials 

3.1 The Ideal of Vanishing Polynomials 

From now on let the coeflScient ring be C = Z/m, where m > 2, except stated 
otherwise. The following results were inspired by the work of Singmaster [S], 
Kempner [6J, Halbeisen, Hungerbiihler, and Lauchli [1], and Hungerbiihler and 
Specker [5]. Already in Lemma 5 of [6], a univariate version of the following 
lemma was proven. Theorem 7 of [1] restated this result, and [S] came up with 
a generalization to multivariate polynomial rings over Z/m. 

Lemma 3.1. Let a ^ Z and a — {ai, . . . , a„) Nq such that m\^aal. Then 

n ai 

Pa,a ■= a]^]^(a;i - G Z/m[a;i, . . . , a;„] 

i=l 1=1 

is a vanishing polynomial. 

Proof. Fix an arbitrary point (ci, C2, . . . , c^) G C". Then Pq,.q(ci, C2, . . . , c^) 
contains, for all i, by definition the ai successive factors Ci — l,Ci — 2,..., 
Ci — ai. Independent of the value of Ci, these contain all factors from 2 up 
to ai. Therefore, a^! divides Pa,a{ci,C2, . . . ,c„), for all i. By combining these 
results, it follows immediately that aail ■ ■ ■ a„! divides p^^a (ci,C2,...,c„). With 
m\_^aal this yields Pa.aici, C2, . . . , c„) = modulo m. □ 

Let us now take a closer look at an arbitrary vanishing polynomial: 

Lemma 3.2. Let f E Lq C 1i/m[xi, X2, ■ • . , a;„] be an arbitrary vanishing poly- 
nomial with LT (/) ~ bx^ . Then m\ b(3\. 
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For the proof we use some of the ideas introduced in [S], which are based on 
the notion of partial differences in the multivariate setting. Already Carlitz 
used partial differences in the univariate case, see [5], to give a necessary and 
sufficient condition for a function / over Z/p*^ to be a polynomial function^ 

Proof. Let C[xi, . . . , Xn] denote an arbitrary polynomial ring over n > 1 vari- 
ables, and let h € C[x] be a polynomial. Then we may define the i*'* partial 
difference 

V'i/l . — hi^Xi ^ . . . , Xi—i^Xi f, . . . , Xji ) , . . . , X^—l , Xj, . . . , Xyi), 

for 1 < I < n. Note that is a linear operator. 

Now we can define the successive application of the operator by 

V°/i := h, and V-'+^/i := ViVih, for A: > 0. 

(For n = 1, V^h coincides with Carlitz' A'^h; see [2].) 

Since obviously, ViVj/i = h{xi, . . . ,Xi + 1, . . . ,Xj + f , . . . , a;„) — h{xi, . . . , 
Xi + I,. .. ,Xn) - h{xi, . . . ,Xj + I,. . .,Xn) + h{xi, . . . ,x„) = V jV ih, for all 
i,j G {f,...,n}, we can extend the operator to arbitrary multi- indices, that 
is, with a = (cki, . . . , Q!„) S {0, 1,2,.. .}", the term 

is independent from the order of application of the Vi operators and hence well- 
defined. 

Let us consider the difference {xi + I)''' — x^ ~ k ■ x'l^^ + g{xi), where g consists 
of lower terms only, that is, deg (g) < k — \. A simple induction shows that 
= A:! and V^xf = 0, whenever j > k. Let now ax" := LT {h) denote the 
leading term. Then, mainly due to the linearity of the Vi operators, it is easy to 
see that the previous facts can be further abstracted to the general statements 

V"/i = aa\ and V^h = 0, for all (3 >~ a. 

We apply the first equation to the vanishing polynomial / over the ring TLjm,: 
With / also V/ = 5/9! must be a vanishing polynomial, by construction. But 
this implies 6/3! = modulo m. □ 

3.2 A Minimal Strong Grobner Basis of /q 

The above lemmas suggest to consider the set of all polynomials "Pa^a for which 
neither a nor a can be replaced by a smaller multi- index or element of Z/m, 
respectively, without loosing the condition •m\^aa\. (This minimality of a 
has been inspired by the so-called Smarandache function which maps m to 
min{k G N | mj^fc!}. This function played a role in previous works which stud- 
ied the univariate case, and had been named after F. Smarandache, see |10] . 

^I.c, /(a) = g{a) mod p'' , for all a g Z/p* and some polynomial g G Z/p''[x]. 
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although the idea had been introduced earher by Kempncr in Definition 1 of 
[6].) We thus define 

Sm := { (a, a) | 1 < a < to, a\_m, a G Nq, m\_^aa\, 

y [3 < a : TO a/3!, 

V 6 < a, a : to ba\ }, 
G,„ := {pa,a I (a, a) e Sm }. 

Note that, according to Lemma 3.1, all polynomials in Gm will still be elements 
of /q. And by Lemma 3.2, we can hope to have constructed a strong Grobner 
basis. 

Theorem 3.3. Let to > 2 and n > I be arbitrary integers. With the above 
notations, Gm is a minimal strong Grobner basis of the ideal of vanishing poly- 
nomials Iq C Z/m[xi,X2, ■ ■ ■ jXn], independent of the global monomial order. 

Before we prove the theorem, let us take a look at an example. 

Example 3.4. Let m = qi ■ q2 ■ ■ ■ qk be a product of k > 1 mutually distinct 
primes, and n > 1 arbitrary. We assume qi < q2 < . . ■ < qk- Then we can 
immediately write down all elements of Gm ■ 



{Xi - 

qk-{xi - 
qk ■ qk-i-{xi - 



l){x. 


-2). 


■ • {Xi 


- qk) 


1 ^ 


l)(x. 


-2). 


■ ■ {Xi 


- qk- 




l)(x. 


-2). 


■ ■ {Xi 


- qk- 


-2), 



qk ■ qk-i ■ ■ ■q2-{xi - l)[xi - 2) ■ ■ ■ {xi - qi), 
in each row for all i £ {1, 2, . . . , n}. 

Note that the first type of polynomial is in Gm, as qk\ already contains all 
qj, thus to|., (7fc!. Also, we need to have all qk polynomial factors since, for all 
r < qk, qk \„ t\, i.e. to \^ r\. For the following polynomials, the argument is 
similar. Moreover, it is easy to see that we do not have elements in Gm involving 
two or more variables, and the presented polynomials are all elements of Gm- 
In this special case \Gm\ — k-n, and the maximal degree is qk- This means that 
the size of the basis is only linear in the number of variables. 
For the case fc = 1, Z/gi is a field, and we obtain only the n polynomials in the 
top row, which are well-known for this case. 
We now prove the theorem: 

Proof. Let us fix to > 2, the number of variables n > I, and an arbitrary global 
monomial order. We first show that Gm is indeed a Grobner basis of /q. To this 
end, it suffices to show that (i) Sm and hence Gm is a finite set, (ii) Gm C Iq, 
and (ui) L (Iq) C L (Gm), since (ii) imphes the other inclusion L (Gm) C L (/q). 
(i) Since (a, a) G Sm implies a ^ (to, to, ... , to), the set is clearly finite. 
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(ii) Gm consists of polynomials Pa,a with m| aa\. Then Gm C /o by Lemma 
3.1. 

(iii) Let / G L(/o) be arbitrary. Then there exist some integer > 1, 
hi G Z/(m)[a;i, a;2, . . . ,a;„] and fi G Io,l < i < N, such that 

N 

/ = 5]/i,-LT(/,). 

i=l 

Writing a,;x"' := LT(/,), we obtain m\^aia^^'\ from Lemma 3.2. Now either 
Oi) is already an element of Sm- Or we can replace at by some bi\^ai 
and/or a'*^ by some /3W < a(^) such that 5^) G S'^. We can subsume both 
cases in saying that, for each i G {1,2,..., N}, there is some (z?*^*^ , bi) G S*™ such 
that 6ix'^''' I LT (/i). With appropriate polynomials gi,l < i < N, this amounts 
to 

N 

/ = ^/i, - .9, • LT (p/3(.),6j , 

i.e., / G L(G™). 

Next, let / G /q. Then, with the same argument as for the fi above, there 
exists a p^^c £ G,n such that LT (p^^c) \ LT (/). This shows that Gm is a strong 
Grobner basis. 

It remains to show that Gm is minimal. To this end, pick two pairs (a, a), b) G 
such that ax"|6x'^. Then a\^b, cL\^ni, b\^m, and a < fi. We need to prove 
that a = b and a — (3. Computing in Z, take a prime factor g of 6 and fc > 1 
maximal such that q''\^b. Suppose q'' \^ a. Then aa\ would have at least one 
less factor q in its prime factorization than 6a!. But since mj^aa!, we then had 
m\_ b/q ■ a\\_ b/q ■ /?!, and b would not be minimal in [(3,b) G Sm- We conclude 
that6|^a. We write this as a = d-& for some d|^m. Now a| fe, that is, m|^a-c — 6 
for some c. Putting things together we get fed = a| m| bcd~b — b{cd—l). Hence 
d\^ {cd — 1) which can only hold for d = 1, implying a — b. But then we must 
also have a = [3, since otherwise (3 would not be minimal in b) G Sm- D 

We now show that leading terms of minimal strong Grobner bases of 
/o C Z/m[a;i, a;2, . . . , a;„] are unique, up to multiplication by units of l/m. 
We prove this result as a consequence of a more general statement for ideals 
over arbitrary commutative rings with 1 that has, to our knowledge, not been 
stated before. (Note the similar statement in the field case; see e.g. Proposition 
1.8.4 in p.) 

Theorem 3.5. a) LetG,F be two minimal strong Grobner basis of an arbitrary 
ideal I C C[xi, X2, - - - , Xn], where C is any commutative ring with 1. Then 
\G\ — \F\, and the sets of leading terms in G and F coincide up to multiplication 
by elements of C , i. e., 

^geG 3feF 3cgC LT (g) = c • LT (/) . (*) 

b) In the case of G = l^jm and I = Iq, the ring elements c in (*) can be chosen 
to be units ofZ/m. 
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Note that the second statement holds for any ideal, if the ring C is a domain. 

Proof, a) Starting with the proof of (*), wc pick any g G G C /. Then, by 
strongness of F, there is some f € F such that LT (/) | LT (g). Vice versa, by 
strongness of G, there must be some g' G G such that LT {g') \ LT (/). Therefore, 
LT ((/') I LT (/) I LT (g), which implies g — g' , by minimality of G. But then the 
leading monomials LM (/) and LM {g) must also coincide, yielding the desired 
relation between LT (/) and LT (g). 

Similar to the previous argument, it is easy to see that no two distinct leading 
terms in F can fulfil a relation (*) with the same leading term in G, and vice 
versa. This implies the equality |{LT(g) | 5 e G}| = |{LT (/) | / e F}| which 
clearly amounts to |G| = by the minimality of G and F. 
b) We first choose G = Gm to be the explicitely given Grobner basis, and F 
any other minimal strong Grobner basis of /q C 'L/m[xi,X2-, ■ ■ ■ ,Xn]- Consider 
a relation as in (*), i. e., 6 • = c • a • x" , where (/?, 6) € Sm and a ■ x" denotes 
the leading term of some f £ F. Then b = a-c mod m, in other words m\^ac—b. 
Now let a := gcd(a, m) be the maximum portion of a that divides m, that is, 
a = a ■ u, where gcd (u, to) = 1 which is equivalent to u being a unit in Z/m. 
Since d\ ml ac — b, we obtain a\ b. 

We want to show o = 6, so for a contradiction let us assume a <b. f G F c Iq 

implies m\^aal by Lemma 3.2, hence toI^oq;! = a(3l, as the factors in a/ a do 
not affect divisibility by to and since obviously a = p. But this means that we 
could replace b by the smaller d and still preserve the condition m\^d/3\. This 
contradicts the minimality of b in (/?, b) £ Sm- Hence a = b. 
We thus arrive at the claimed relation u ■ bx^^ = ax" , and c can be replaced by 
the unit u''^ € (Z/m)*. 

We have shown that wc can relate the leading terms of any minimal strong 
Grobner basis F of Jq C Z/m[xi,X2, ■ ■ ■ ,Xn] to the leading terms in Gm by 
units. By transitivity, we can now clearly also relate the leading terms of any 
two minimal strong Grobner bases by units. This concludes the proof. □ 

Note that an arbitrary factor c, relating two leading terms, need not necessarily 
be a unit. For example, consider the polynomial f{x,y) = 3(a; — — 2)- 
(y — l){y — 2) £ G12. We may switch to another minimal strong Grobner basis 
of /o C Z/12[x,y], simply by replacing f{x,y) by f'{x,y) = 9{x - l){x - 2)- 
{y — l){y — 2). Note that over Z/12 the ideals (/) and (/') are identical. Thus, 
\ {/}U{/'} must still be a minimal strong Grobner basis. Now obviously 
LT (/') = 3 • LT (/), but 3 is not a unit in Z/12. 

Wc point out that minimal strong Grobner bases arc in general not unique. This 
is due to the fact that we only consider leading terms and do not require tail 
reduction here. For example, in the case of the ideal Iq, we can easily modify 

the basis Gm and still obtain a minimal strong Grobner basis. To this end, we 
may pick two elements /, g G G„j with LM (g) < LM (/) and replace / by / + .g. 

Let us once again take a look at the complexity of Gm, that is, the size |Gm| as 
a function of the number of variables n. The discussion that followed Example 
3.4 already made clear that \Gm\ is only linear in n, when all prime factors 
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of m arc mutually distinct. In the general case when m = ■ ■ ■ ■ (f^ 
with some Cj > 1, the construction is combinatorially more complex. However, 
based on the following investigation for the practically relevant case m = q'',we 
conjecture that for fixed m the size of G„i is always of polynomial order in n. 
Since we are interested in the asymptotic behaviour of \Gm\ for large n, we may 
assume that n is much larger than m = q'^. We can decompose Gm into the 
disjoint union 

Gm= \J Gli\ where 

0<j<k 

Gli^ :={q^ • (x. - 1) • • • {x, - {k^j)q) \ 1 < i < n} 

^{q^ ■ {Xii -!)•■• {xi^ - siq){xi2 -!)••• - S2q) | 
1 < «i, ^2 < n; ii ^ i2; 1 < si, S2; si + S2 = - j} 

Ll{q' ■ {xi, - 1) • • • {xi, - q){x^^ -!)••• {x^^ -«?)•• • 

{xik-j -!)••• {Xi^_j -q) I 1 < iu < n;iu iv iox u ^ v], 



that is, in Gm we have the constant coefficient q^ , and we have polynomials in 
1 up to fc — j variables. With hj := \Gm\, we obtain the very rough estimates 



n 

k-jj' 



For h := \Gm\ = J2o<j<k "^^ ^hus get 



fc-i 

n \ 

< 

k 



and h = \Gm\ is of polynomial order of degree k in the number of variables n. 



3.3 Computing the Reduced Normal Form 
of a Polynomial 

After we have given a minimal strong Grobner basis of /q C Ij/m[xi,X2, • ■ ■ , a;„], 
we shall now turn to computing representatives of the residue classes in 
{'Z/m[xi,X2, ■ ■ ■ ,Xn]) /Iq- When we impose certain bounds on the coefficients 
of all monomials, these representatives are unique: 

Proposition 3.6. Every residue class f G {Z/m[xi,X2, ■ ■ ■ ,Xn,]) /lo has a 
unique representative f G Z/m[xi,X2, ■ ■ ■ , Xn] of the form 

f = flax", where < aa < — r-— — r-, for alia. 

^ — ' ffcd Im.. (T 1 
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Note that, whenever m\^a\, the given bound forces to be zero. 



Proof. Let / G 'Z/m[xi,X2, ■ ■ ■ .x,,] be an arbitrary polynomial. Suppose / 
containes a monomial ax" for which a > c := — -rp^ — rr- Due to division with 
remainder of a by c in Z, we obtain a — k ■ c + r for some £ {1, 2, . . .}, and 
< r < c. Now, gcd(m a') ■ words, m\^ca\, and p^.c e /q by Lemma 

3.1. 

As a consequence, / and /' :— f — k-pa^c li(3 in the same residue class. Moreover, 
the coefficient of x" in /' is a — fe • c = r, for which the claimed bound holds. 
Since we have a global order on the monomials, we need only finitely many 
repetitions of the presented reduction step, in order to arrive at a polynomial g 
which also lies in the residue class of /, and the coefficients of which all satisfy 
the required bound condition. 

For proving uniqueness of the constructed representative, assume we have two 
representatives /i,/2 of the residue class of /, realising all coefficient bounds. 
Then, by defining either g ■— fi — or g := /2 — /i, we obtain a polynomial 
5 e Jo with LT {g) — ttx" and < o < g^^^™ . By Lemma 3.2, we know that 
ml aa.\. 

'z 

We need to show that a = 0; so for a contradiction, let us assume that a > 0. 
With h := gcd (m, a) we still have ba\, i. e., y |^ a).. Then also y |^ gcd (m, a!) 
which implies m|^?)-gcd (m, a\). But 6-gcd (m, a\) < a-gcd (m, a!) < m, yielding 
the desired contradiction. □ 

As an immediate consequence, we can coimt the number of polynomial functions 
which is the same as the number of residue classes in (Z/m[a;i, X2, ■ ■ ■ , /Iq: 

Corollary 3.7. The number of polynomial functions (Z/m)" Z/m is given 
by 

N= TT - 

ae{o,i . m-i}'^ gcd(m,a!) 
In comparison, the number of all functions (Z/m)" ^ Z/m equals 

^Cm") = -Q m = N- Yl gcd (m, a!) . 

ae{0,l,...,m-l}" ae{0,l,...,m-l}'' 

Hence, if m is not prime, there are much fewer polynomial functions 



Z/m — > Z/m 


No. of functions 


No. of polynomial functions 


m = 2^ 


256 


64 


m = 28 


10616 


10^6 


m = 2^6 


10315652 


1052 


m = 232 


1041373247567 


10184 



(Z/m)" — *■ Z/m than functions. This has the consequence that not every prob- 
lem which can be modelled by functions, like problems coming from formal 



10 



verification, can be modelled by polynomials over Z/m (cf. [12] where, never- 
theless, polynomial ideals over 2/2*^ have been used successfully). 

Following the idea in the proof of Proposition 3.6, we are able to present a very 
fast algorithm for computing the reduced normal form, that is, the unique rep- 
resentative of a residue class in the ring Z/m[a;i, X2, . . . , Xn] module Iq. (see [S] 
for Z/2'=): 



Algorithm 1 Reduced normal form in Z/m[a;i, a;2, . . . , x„] with respect to Iq 
Input: / e 'Z/m[xi,X2, ■ ■ ■ ,Xn\ a polynomial, > any monomial order on 

Z/m[xi,X2, ■ ■ ■,Xn] 

Output: h the reduced normal form of / with respect to Iq 
h := 

while / ^ do 

ax" := LT (/) 

C ■= "I 

gcd(m,a!) 

solve a = k ■ c + r with fc G N and < r < c 

h := h + rx" 

f ■= f -k- pa^c - ryi°' 
end while 
return h 



Note that the algorithm makes sure that f + h will always represent the same 
residue class, as pa.c G Iq- Since initially h = 0, this class must be the residue 
class of /. After termination, which is ensured by the global order, h consists 
only of terms with appropriate coefhcient bound, i.e., h must be the unique 
representative as given in Proposition 3.6. 

3.4 Computing Minimal Strong Grobner Bases 
over Different Rings Z/m 

The simple structure of minimal strong Grobner bases provides us with a re- 
cursive means to construct Gm from bases for smaller m. We are especially 
interested in computing Gm from the elements of the already computed set 
Grm where M — q ■ m with q a prime number. The following pairwise disjoint 
decomposition of Gm is easy to verify: 

Gm ^ {p a, a I Pa, a 

e Gm, {a, a) £ Sm} 

U {p 

a,aq \ Pa, a 

e Gm, {a,aq) E Sm} 
U {Pa+p,b I Pa.a eGm,^l3€ B{a, o, q) 3 6|^M : (a + /?, b) G Sm}, 

where B{a, a, q) denotes the set of all (3 >■ (0, 0, . . . , 0) such that (a+/3)! contains 
one more prime factor q than aa\. 

This decomposition says that we may already directly find elements of Gm in 
Gm- Or, secondly, we may build an element of Gm by multiplying an element 
of Gm by q. Besides altering the coefficient only, we can also try to enlarge 
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the exponent vector of some pa,a G Gm such that the new exponent factorial 
(a + /?)! contains one more prime factor q than aa\. However, enlarging the 
exponent may introduce many more divisors of M, so that in general we need 
to adjust the coefficient. It is easy to sec that once a suitable /? is found, we can 
set b = gcd(M'xa+;3)!) • '^^^ search for suitable f3 can obviously be limited to the 
set defined by the condition (3 ^ {q,q, . . . ,q), that is, we know a finite superset 
of B{a, a, q). 

In practice, all three cases may occur. The following examples are numbered 
according to the order in the above decomposition. (The number of variables, 
n, equals 2.) 

Example 3.8. 

1. G3 C Gq, since 3! = 6 already contains all necessary factors; see Example 
3.4 (and the remark regarding k = 1) to recall the elements of G^. 

2. With q any prime, we have P(3,o),2 € G12 and p{^fi)^2 q € Gi2-9- 

3. We have 6(a; — l)(a; — 2)(y — l){y — 2) G G24- We try to construct 
an element in G24.3 hy enlarging the product of x and y terms. Since 
6 ■ 2! • 2! contains one prime factor 3, we try to move to the target product 
{x — l)(x — 2)(x — 3)(y — l){y — 2)(y — 3) which realizes one more factor 
3 because 3^|„3! • 3!. Now b — ,^cd(72^3!-3!) ~ "'^^ hence 2{x — \){x — 2)- 
(x-3)(?y-lKj;-2)(y-3) eG72. 

The above decomposition of Gm-, and the structure of Gq for a prime q as 
discussed in Example 3.4, give rise to the following algorithm. 
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Algorithm 2 RecComp(M), Recursive computation of Gm 
Input: M € {2,3,...} 
Output: Gm 

pick any prime factor q of M 

ii M = q then 

A:= {q- a I 1 < i < n}, where the ej are the unit vectors in N" 
G := {pa,i \aeA} 
else 

TO := M/g 

H :=RecComp(m) 

G:={} 

for all Pa,a 

gH do 
if (a, a) G S'm then 

G := G U {pa,„} 
else 

G := G U {pa.a-q} 

for all /3 e a, g) C {/3 | (0, 0, . . . , 0) ^ /3 ^ (g, 9, . . . , g)} do 

h — M 

" gcd(M,(Q+/3)!) 

G := G U {Pa+/3,6} 

end for 
end if 
end for 
end if 
return G 
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